Content library
Cyberday content library
Equipment maintenance and safety

Requirement description

How to fill the requirement

Cyberday content library

Equipment maintenance and safety

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
Laitteistojen suojaus luvattomia laitteita vastaan (TL II)
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
2
requirements

Examples of other requirements this task affects

TEK-17.4: Muutoshallintamenettelyt - TL II
Julkri
I-16: TURVALLISUUSLUOKITELLUN TIEDON KÄSITTELYYN LIITTYVÄN TIETOJENKÄSITTELY-YMPÄRISTÖN SUOJAUS KOKO ELINKAAREN AJAN – MUUTOSHALLINTAMENETTELYT
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Laitteistojen suojaus luvattomia laitteita vastaan (TL II)
1. Task description

Laitteistot suojataan luvattomien laitteiden (näppäilynauhoittimet, langattomat lähettimet ml. mobiililaitteet ja vastaavat) liittämistä vastaan.

Baseline configuration for systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
3
requirements

Examples of other requirements this task affects

PR.IP-1: A baseline configuration of information technology systems
NIST
PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles.
CyFun
See all related requirements and other information from tasks own page.
Go to >
Baseline configuration for systems
1. Task description

The organization has maintained a basic configuration requirement for IT systems and industrial control systems that takes into account security principles, such as the concept of least functionality.

Ensuring hardware integrity
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
3
requirements

Examples of other requirements this task affects

PR.DS-8: Integrity checking (hardware)
NIST
PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity.
CyFun
See all related requirements and other information from tasks own page.
Go to >
Ensuring hardware integrity
1. Task description

The organization must ensure the integrity of its hardware components. This can be done:

  • With hard to copy labels
  • With verifiable serial numbers provided by the developer
  • By requiring the use of anti-tampering technologies
  • Hardware shipments include hardware and firmware upgrades


Identifying the hardware that is connecting to the datacenter
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Identifying the hardware that is connecting to the datacenter
1. Task description

The organization must use equipment identification as a means of establishing a connection.

Where appropriate, the organization should use location-aware technologies to validate the integrity of authentication based on known device locations.

Documentation of other protected assets
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
27
requirements

Examples of other requirements this task affects

8.1.1: Inventory of assets
ISO27 Full
8.1.2: Ownership of assets
ISO27 Full
ID.AM-1: Physical device inventory
NIST
ID.AM-2: Software and app inventory
NIST
HAL-04: Suojattavat kohteet
Julkri
See all related requirements and other information from tasks own page.
Go to >
Documentation of other protected assets
1. Task description

The organization shall list all relevant protected assets to determine ownership and to ensure that security measures cover all necessary items.

A large portion of the protected assets (including data sets, data systems, personnel / units, and partners) are treated through other tasks. In addition, the organization must list other important assets, which may be, depending on the nature of its operations, e.g. hardware (servers, network equipment, workstations, printers) or infrastructure (real estate, power generation, air conditioning). In addition the organization should make sure that relevant external devices are documented.

Safe placement of equipment
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
19
requirements

Examples of other requirements this task affects

11.1.3: Securing offices, rooms and facilities
ISO27 Full
11.1.4: Protecting against external and environmental threats
ISO27 Full
11.2.1: Equipment siting and protection
ISO27 Full
Toiminnan jatkuvuuden hallinta
Katakri
F08: Toiminnan jatkuvuuden varmistaminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Safe placement of equipment
1. Task description

For example, data processing equipment, as well as other important equipment, should be placed in the premises safely and with consideration. Placement should restrict unauthorized access to devices.

Ensuring the quality of equipment maintenance
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
7
requirements

Examples of other requirements this task affects

11.2.4: Equipment maintenance
ISO27 Full
F04: Kulkuoikeuksien hallinta
Katakri
PR.MA-1: Asset management and repair
NIST
7.13: Equipment maintenance
ISO27k1 Full
A1.2: Recovery of infrastructure according to objectives
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Ensuring the quality of equipment maintenance
1. Task description

Equipment should be serviced at intervals recommended by the supplier and in accordance with the supplier's specifications.

Basic service testing, fault tolerance evaluation and verification
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
15
requirements

Examples of other requirements this task affects

11.1.4: Protecting against external and environmental threats
ISO27 Full
11.2.2: Supporting utilities
ISO27 Full
Toiminnan jatkuvuuden hallinta
Katakri
F08: Toiminnan jatkuvuuden varmistaminen
Katakri
PR.IP-5: Physical operating environment
NIST
See all related requirements and other information from tasks own page.
Go to >
Basic service testing, fault tolerance evaluation and verification
1. Task description

The operation of basic services (such as electricity, telecommunications, water supply, sewerage, heating, ventilation and air conditioning) will be monitored to ensure that their capacity covers business growth.

Setting up and resourcing backup equipment
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
3
requirements

Examples of other requirements this task affects

Article 12: Backup policies and procedures, restoration and recovery procedures and methods
DORA
See all related requirements and other information from tasks own page.
Go to >
Setting up and resourcing backup equipment
1. Task description

Organisation must setup and maintain redundant equipment to their ICT environment which can adequately ensure business needs. The equipment should be setup to have the needed resources, capabilities and functions to run the needed operations.

Handling the loss, misuse, damage and theft of assets
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
1
requirements

Examples of other requirements this task affects

PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition.
CyFun
See all related requirements and other information from tasks own page.
Go to >
Handling the loss, misuse, damage and theft of assets
1. Task description

The organization should define policies, processes or technical measures to handle the loss, misuse, damaging and theft of organizational assets. These could include the following:

  • Reporting process
  • Guidelines and manuals
  • Asset and inventory tracking
  • Insurance
  • Regular audits
  • Access control
  • Device hardening
  • Training and awareness programs
  • Mobile device management
  • Data encryption and protection
  • Physical security
Secure usage of maintenance tools and portable devices for organization's systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
1
requirements

Examples of other requirements this task affects

PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools.
CyFun
See all related requirements and other information from tasks own page.
Go to >
Secure usage of maintenance tools and portable devices for organization's systems
1. Task description

The organization establishes and enforces strict controls over the use of maintenance tools and portable storage devices in the organization's OT/ICS environments. These include:

  • Implementing approval and monitoring processes for maintenance tools such as diagnostic test equipment, packet sniffers, and laptops
  • Ensure that all maintenance equipment and portable devices are inspected upon entry into the facility and protected by anti-malware solutions before being used on critical systems
  • Equipment containing critical system information should be secured and their unauthorized removal prevented
Regular updating and maintenance of hardware
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Regular updating and maintenance of hardware
1. Task description

Organization ensures that all organizational hardware is regularly reviewed for security capabilities and for the need of acquiring patches, updates and or upgrades. Ensure secure handling of hardware during maintenance by restricting access to authorized personnel and implementing controls that prevent tampering or unauthorized access.

In addition plans are defined and implemented for hardware end-of-life, including maintenance support and obsolescence management, ensuring that the outdated hardware does not introduce security risks.

Process for reviewing and approving hardware before deployment
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process for reviewing and approving hardware before deployment
1. Task description

The organization has a process to review and approve hardware before installation or use. The process includes at least:

  • Verify authenticity: Confirm the authenticity of the hardware, ensuring it comes from trusted and reputable vendors.
  • Assess conformance: Ensure the hardware meets the organization's security standards and technical requirements for use in the specific environment.
  • Check for firmware integrity: Ensure that the hardware’s firmware is genuine, up-to-date, and free from unauthorized modifications.

This process should include special-purpose hardware, such as diagnostic or maintenance tools ensuring they meet security and operational requirements.

Use of surge protectors and uninterruptible power supplies (UPS)
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
7
requirements

Examples of other requirements this task affects

11.2.2: Supporting utilities
ISO27 Full
Toiminnan jatkuvuuden hallinta
Katakri
F08: Toiminnan jatkuvuuden varmistaminen
Katakri
PR.IP-5: Physical operating environment
NIST
7.11: Supporting utilities
ISO27k1 Full
See all related requirements and other information from tasks own page.
Go to >
Use of surge protectors and uninterruptible power supplies (UPS)
1. Task description

Surge protectors prevent current level rises and falls from damaging the equipment. Uninterruptible power supplies (UPS), on the other hand, guarantee a limited amount of battery power, which allows you to work even during short power outages. Critical equipment is held in connection to a UPS.

Alarm systems for equipment environment
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
13
requirements

Examples of other requirements this task affects

11.2.1: Equipment siting and protection
ISO27 Full
11.2.2: Supporting utilities
ISO27 Full
Toiminnan jatkuvuuden hallinta
Katakri
F08: Toiminnan jatkuvuuden varmistaminen
Katakri
PR.IP-5: Physical operating environment
NIST
See all related requirements and other information from tasks own page.
Go to >
Alarm systems for equipment environment
1. Task description

Alarm systems monitor the level of key environmental conditions (e.g. temperature and humidity) that can adversely affect the operation of data processing equipment. There should also be a functioning fire alarm system in the environment.

Cabling security
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
5
requirements

Examples of other requirements this task affects

11.2.3: Cabling security
ISO27 Full
ID.BE-4: Dependencies and critical functions
NIST
7.12: Cabling security
ISO27k1 Full
2.4.3: Identify physical access to switches and cables
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Cabling security
1. Task description

Power and communication cables that either move data themselves or support data transmission services are protected from damage, eavesdropping and interference.

The safety of cabling should take into account e.g. the following points:

  • communication lines should, as far as possible, be underground or otherwise adequately protected
  • electrical cables should be insulated from telecommunication cables to avoid interference
  • use of armored cables, electromagnetic shielding or technical raking in very critical places
Lightning protection
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
2
requirements

Examples of other requirements this task affects

11.2.1: Equipment siting and protection
ISO27 Full
7.8: Equipment siting and protection
ISO27k1 Full
See all related requirements and other information from tasks own page.
Go to >
Lightning protection
1. Task description

All buildings and all incoming power lines and external communication lines are equipped with lightning protection.

Electromagnetic data breach management
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
11
requirements

Examples of other requirements this task affects

11.1.3: Securing offices, rooms and facilities
ISO27 Full
11.2.1: Equipment siting and protection
ISO27 Full
I14: Hajasäteily (TEMPEST)
Katakri
PR.DS-2: Data-in-transit
NIST
FYY-01.1: Fyysisen turvallisuuden riskien arviointi - TEMPEST - TL III
Julkri
See all related requirements and other information from tasks own page.
Go to >
Electromagnetic data breach management
1. Task description

Electronic devices such as cables, monitors, copiers, tablets and smartphones leak electromagnetic radiation, from which it is possible to find out the original transmitted data with the right hardware and, for example, steal the entered username and password.

Openings in the premises' structures (windows, doors, air conditioning) are protected to prevent radiation from escaping. In addition, equipment handling confidential data is located so as to minimize the risk of leakage due to electromagnetic leakage.

Equipment maintenance log
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
5
requirements

Examples of other requirements this task affects

11.2.4: Equipment maintenance
ISO27 Full
PR.MA-1: Asset management and repair
NIST
7.13: Equipment maintenance
ISO27k1 Full
A1.2: Recovery of infrastructure according to objectives
SOC 2
PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools.
CyFun
See all related requirements and other information from tasks own page.
Go to >
Equipment maintenance log
1. Task description

Maintenance performed on the equipment is recorded in a log, which contains information e.g.:

  • of suspected and happened defects
  • of preventive and remedial actions
  • of checking the equipment after maintenance
Physical switch security
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Equipment maintenance and safety
1
requirements

Examples of other requirements this task affects

2.4.3: Identify physical access to switches and cables
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Physical switch security
1. Task description

Identify physical access to switches. It is important to make sure that switches are properly secured and unauthorized parties can't access them.

Universal cyber compliance language model: Comply with confidence and least effort

In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.

Security frameworks tend to share the common core. All frameworks cover basic topics like risk management, backup, malware, personnel awareness or access management in their respective sections.
Cyberday’s universal cyber security language technology creates you a single security plan and ensures you implement the common parts of frameworks just once. You focus on implementing your plan, we automate the compliance part - for current and upcoming frameworks.
Start your free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
1.1 (MIL2): Manage IT and OT Asset Inventory
C2M2: MIL1
1.1 (MIL3): Manage IT and OT Asset Inventory
C2M2: MIL1
1.1.1: Availability of information security policies
TISAX
1.1.1: Identify the organisation’s strategy and priorities
NSM ICT-SP
1.1.2: Identify the organisation’s structures and processes for security management
NSM ICT-SP
1.1.3: Identify the organisation’s processes for ICT risk management
NSM ICT-SP
1.1.4: Identify the organisation’s tolerances for ICT risk
NSM ICT-SP
1.1.5: Identify the organisation’s deliverables, information systems and supporting ICT functions
NSM ICT-SP
1.1.6: Identify information processing and data flow
NSM ICT-SP
1.2 (MIL2): Manage Information Asset Inventory
C2M2: MIL1
1.2 (MIL3): Manage Information Asset Inventory
C2M2: MIL1
1.2.1: Establish a process to identify devices and software in use at the organisation
NSM ICT-SP
1.2.1: Scope of Information Security management
TISAX
1.2.2: Establish organisational guidelines for approved devices and software
NSM ICT-SP
1.2.2: Information Security Responsibilities
TISAX
1.2.3: Identify devices in use at the organisation
NSM ICT-SP
1.2.3: Information Security requirements in projects
TISAX
1.2.4: Definition of responsibilities with service providers
TISAX
1.2.4: Identify the software in use at the organisation
NSM ICT-SP
1.2: Manage Information Asset Inventory
C2M2: MIL1
1.3 (MIL2): Manage IT and OT Asset Configuration
C2M2: MIL1
1.3 (MIL3): Manage IT and OT Asset Configuration
C2M2: MIL1
1.3.1: Identification of information assets
TISAX
1.3.1: Identify the users of the information systems
NSM ICT-SP
1.3.2: Classification of information assets
TISAX
1.3.2: Identify and define the different user categories
NSM ICT-SP
1.3.3: Identify roles and responsibilities linked especially to ICT security
NSM ICT-SP
1.3.3: Use of approved external IT services
TISAX
1.3.4: Use of approved software
TISAX
1.3: Manage IT and OT Asset Configuration
C2M2: MIL1
1.4 (MIL2): Manage Changes to IT and OT Assets
C2M2: MIL1
1.4 (MIL3): Manage Changes to IT and OT Assets
C2M2: MIL1
1.4.1: Management of Information Security Risks
TISAX
1.4: Manage Changes to IT and OT Assets
C2M2: MIL1
1.5 (MIL1): Management Activities for the ASSET domain
C2M2: MIL1
1.5 (MIL2): Management Activities for the ASSET domain
C2M2: MIL1
1.5 (MIL3): Management Activities for the ASSET domain
C2M2: MIL1
1.5.1: Assessment of policies and requirements
TISAX
1.5.2: External review of ISMS
TISAX
1.5: Management Activities for the ASSET domain
C2M2: MIL1
1.6.1: Reporting of security events
TISAX
1.6.2: Management of reported events
TISAX
1.6.3: Crisis preparedness
TISAX
10 §: Johdon vastuu
KyberTL
10. Processing of personal data relating to criminal convictions and offences
GDPR
10.1 (MIL2): Establish Cybersecurity Program Strategy
C2M2: MIL1
10.1 (MIL3): Establish Cybersecurity Program Strategy
C2M2: MIL1
10.1.1: Policy on the use of cryptographic controls
ISO27 Full
10.1.2: Key management
ISO27 Full
10.1.2: Key management
ISO 27017
10.1: Continuous improvement
ISO27k1 Full
10.1: Cryptographic controls
ISO27 Full
10.1: Cryptographic controls
ISO 27017
10.1: Establish Cybersecurity Program Strategy
C2M2: MIL1
10.2 (MIL2): Establish and Maintain Cybersecurity Program
C2M2: MIL1
10.2 (MIL3): Establish and Maintain Cybersecurity Program
C2M2: MIL1
10.2: Establish and Maintain Cybersecurity Program
C2M2: MIL1
10.2: Non-conformity and corrective action
ISO27k1 Full
10.3 (MIL1): Management Activities for the PROGRAM domain
C2M2: MIL1
10.3 (MIL2): Management Activities for the PROGRAM domain
C2M2: MIL1
10.3 (MIL3): Management Activities for the PROGRAM domain
C2M2: MIL1
10.3: Management Activities for the PROGRAM domain
C2M2: MIL1
10: Cryptography
ISO27 Full
10: Cryptography
ISO 27017
10: Cybersecurity Program Management (PROGRAM)
C2M2: MIL1
10: Prosessi väärinkäytöksiin reagoimiseksi
Sec overview
11 §: Poikkeamailmoitukset viranomaiselle
KyberTL
11. Processing which does not require identification
GDPR
11.1.1: Physical security perimeter
ISO27 Full
11.1.2: Physical entry controls
ISO27 Full
11.1.3: Securing offices, rooms and facilities
ISO27 Full
11.1.4: Protecting against external and environmental threats
ISO27 Full
11.1.5: Working in secure areas
ISO27 Full
11.1.6: Delivery and loading areas
ISO27 Full
11.1: Secure areas
ISO27 Full
11.2.1: Equipment siting and protection
ISO27 Full
11.2.2: Supporting utilities
ISO27 Full
11.2.3: Cabling security
ISO27 Full
11.2.4: Equipment maintenance
ISO27 Full
11.2.5: Removal of assets
ISO27 Full
11.2.6: Security of equipment and assets off-premises
ISO27 Full
11.2.7: Secure disposal or re-use of equipment
ISO27 Full
11.2.7: Secure disposal or re-use of equipment
ISO 27017
11.2.8: Unattended user equipment
ISO27 Full
11.2.9: Clear desk and clear screen policy
ISO27 Full
11.2: Equipment
ISO27 Full
11.2: Equipment
ISO 27017
11: Digiturvan mittarien määrittäminen
Sec overview
11: Physical and environmental security
ISO27 Full
11: Physical and environmental security
ISO 27017
12 §: Luotettavuutta edellyttävien tehtävien tunnistaminen ja luotettavuudesta varmistuminen
TiHL
12 §: Poikkeamaa koskeva väliraportti
KyberTL
12. Transparent information, communication and modalities for the exercise of the rights of the data subject
GDPR
12.1.1: Documented operating procedures
ISO27 Full
12.1.2: Change management
ISO27 Full
12.1.3: Capacity management
ISO27 Full
12.1.4: Separation of development, testing and operational environments
ISO27 Full
12.1: Operational procedures and responsibilities
ISO27 Full
12.2.1: Controls against malware
ISO27 Full
12.2: Protection from malware
ISO27 Full